Hi list,
I am having some very weird errors on a really poorly designed network, and
am frankly stumped, details follow:
Two IPSO machines newly upgraded to IPSO 3.8.1 and Checkpoint FW/1 R55p
(R55w not yet being supported on IPSO according to CP) running in VRRP
cluster config.
Various subnets of private and public ranges, all of which are working
except below.
Citrix connectivity which is at fault as well as http traffic between a
10.3.* network INSIDE and a 10.20.* network coming from the OUTSIDE
interface (!!! I Know it sucks, but can't change this !!!). ICMP traffic
goes through and is logged. The citrix and http traffic comes in on the
external interface as shown via tcpdump, but does not leave the firewall nor
is it logged. I put a test rule up as rule rule to allow all between the two
subnets, once again, ICMP shows in logs, and goes through, the other traffic
does not. Getting the client to telnet over the citrix port does not show up
either. I have disabled the AI and tried to NAT the two addresses, to no
avail. I doubt this is a routing problem as traffic is hitting the firewall
and going through, also I won't be able to fix their network as it has to be
locked down in a few days for the holiday season.
Any advise would be much appreciated, suggestions and queries will be dealt
with as promptly as I can and feedback given.
Marcel
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
